A
securityA
licenseA
qualityA Model Context Protocol server designed for testing backend APIs for security vulnerabilities like authentication bypass, injection attacks, and data leakage.
Last updated -
14
12
MIT License
Mythic MCP
A quick MCP demo for Mythic, allowing LLMs to pentest on our behalf!
Requirements
uv
python3
Claude Desktop (or other MCP Client)
Usage with Claude Desktop
To deploy this MCP Server with Claude Desktop, you'll need to edit your claude_desktop_config.json to add the following:
{
"mcpServers": {
"mythic_mcp": {
"command": "/Users/xpn/.local/bin/uv",
"args": [
"--directory",
"/full/path/to/mythic_mcp/",
"run",
"main.py",
"mythic_admin",
"mythic_admin_password",
"localhost",
"7443"
]
}
}
}
Once done, kick off Claude Desktop. There are sample prompts to show how to task the LLM, but really anything will work along the lines of:
You are an automated pentester, tasked with emulating a specific threat actor. The threat actor is APT31. Your objective is: Add a flag to C:\win.txt on DC01. Perform any required steps to meet the objective, using only techniques documented by the threat actor.
Related MCP Servers
- AsecurityAlicenseAqualityA Model Context Protocol server that integrates essential penetration testing tools (Nmap, Gobuster, Nikto, John the Ripper) into a unified natural language interface, allowing security professionals to execute and chain multiple tools through conversational commands.Last updated -92399MIT License
- -securityAlicense-qualityProvides a bridge between large language models and the Metasploit Framework, enabling AI assistants to access and control penetration testing functionality through natural language.Last updated -302Apache 2.0
- -securityFlicense-qualityAn MCP server that integrates various penetration testing tools, enabling security professionals to perform reconnaissance, vulnerability scanning, and API testing through natural language commands in compatible LLM clients like Claude Desktop.Last updated -6